How to Evaluate Anti-Spam Products for Your Business

When a business has made the important decision to implement an anti-spam system for their email servers the next step is to undertake an evaluation of available solutions in the market.  In this post I will describe a high level approach to performing an anti-spam evaluation within your organisation.

Discover Available Products

If your organisation has no awareness of which anti-spam solutions exist in the market then the first step is to find out what is available.  This is as simple as performing some Google searches for terms such as “business antispam” or “Exchange antispam” (if you are using Microsoft Exchange Server for example).  You can also check out which products are mentioned in articles or advertised in banners on popular technology websites, particularly sites focusing on a business audience.

Another simple approach is to go and ask your contacts at other companies who you know to find out what they use and whether they have any quick comments to make as to their happiness with the solution they have implemented.

Once you have a list of products you can then learn a little more about them by searching for online reviews that have been written.

Contact Vendors

After you have learned about some of the products available you can get in touch with the vendors to find out more about the product, the availability of evaluation licenses, and any local pre-sales support that they offer either directly or via a partner.  Often times a vendor is more than happy to send a representative to your office to discuss their product and even perform a demonstration of it.

Pre-sales support is also very valuable during the testing and evaluation phase, so that any problems you encounter through inexperience with the new product can be resolved with assistance from experts.

Testing Phase

Before any evaluation is performed within your production environment you should first perform some testing in an isolated testing environment.  This testing will help familiarise you with the installation and configuration of the product, and gives you a chance to discover any problems or complexities that you need to resolve such as an incompatibility with other software you run on your servers.

Evaluation Phase

After you are satisfied from your testing phase that the product will not adversely impact your environment you can install it in the production environment and begin a more thorough evaluation process.Since you will likely be using an evaluation license that will expire after 30 days or so, and may be planning to remove the product so that others can also be evaluated afterwards, you should consider what this will mean for production systems involved in the evaluation.  To reduce the impact on other servers you should consider installing a dedicated server for the evaluation phase.

For example, time-limited evaluation licenses of Microsoft Windows Server and Exchange Server can be installed on spare hardware or within a VMWare environment, and the anti-spam product then installed on that temporary server.  This avoids having to later remove evaluation products from production systems.

Features to Evaluate

A commercial anti-spam solution has many features that are useful to organisations and should be thoroughly evaluated.

Integration – does the product integrate smoothly with your email (e.g. Microsoft Exchange) and directory (e.g. Microsoft Active Directory) servers?  Does it require a standalone server to run?  Does it use Active Directory authentication or its own authentication system?

Detection Methods -  does the product have a range of detection methods such as content filtering, blocklists, RBL services, and Bayesian filtering?

Quarantine Storage – does the product store quarantined items in the file system, a proprietary database, or a standard database such as Microsoft SQL Server?  Will you require a database server license to be purchased separately to host this?  Will you also require special backup agent licenses to backup the SQL databases?

End User Controls – do end users have self-service access to the quarantine?  Can end users configure their own personal blocklists and whitelists?

Reporting – does reporting require a special application console, or can it be run from a web browser?  Can report access be granted to non-IT staff without giving them admin access to the entire anti-spam system?

Anti-Spam Frameworks – does the product support anti-spam frameworks such as SPF, SenderID, or DKIM?

Licensing – how is the product licensed, per server or per mailbox user?  Does a single license cover a single user regardless of how many email addresses they have?

Scalability – can the product be centrally administered if it is installed across several mail entry points for large networks?

Recoverability – how is the product configuration and data backed up, and how easy is it to restore it if the anti-spam server crashes?

Conclusion

If you are considering anti-spam solutions for your business it is important to take the time and evaluate possible solutions properly.  Remember these basic steps:

• Learn about which products are available on the market
• Contact vendors to discuss your needs and access demonstrations and pre-sales support
• Perform a testing phase before the evaluation phase
• Utilise trial licenses of Windows, Exchange, and the anti-spam software, along with spare hardware or a VMWare environment to reduce the impact on production systems
• Evaluate all features thoroughly and consistently across the different products

By performing a proper evaluation of anti-spam products you greatly increase the chances that you will implement the product that is the best fit for your organisation.